[eduVPN-deploy] User and Management traffic on two separate NICs?

Stefan Winter stefan.winter at restena.lu
Tue Aug 18 10:59:51 CEST 2020


Hello,


While I have a working PoC of eduVPN now, it is still not
optimal for real-life deployment.


There is an outside firewall which restricts access to the server's
(currently: only one) IP for management purposes (outbound HTTP/S for
update fetching, inbound SSH only from our mgmt).


When a user connects to the VPN, he is NATed to that IP, and thus is
restricted by the outside firewall.


The obvious solution is to have a second NIC/outside NAT IP for user
traffic.


I wonder what I need to change in the eduVPN config after having
installed the second interface. Is the only relevant option the iptables
NAT ruleset, which needs to NAT to the new interface? Anything else I
need to change?


Greetings,


Stefan Winter

